
Cracking Techniques

Cracking Techniques. Onno W. Purbo Onno@indo.net.id. References: http://www.rootshell.com; Front-line Information Security Team, “Techniques Adopted By 'System Crackers' When Attempting To Break Into Corporate or Sensitive Private Networks,” fist@ns2.co.uk & http://www.ns2.co.uk.



  1. Cracking Techniques Onno W. Purbo Onno@indo.net.id

  2. References • http://www.rootshell.com • Front-line Information Security Team, “Techniques Adopted By 'System Crackers' When Attempting To Break Into Corporate or Sensitive Private Networks,” fist@ns2.co.uk & http://www.ns2.co.uk

  3. References • http://www.antionline.com/archives/documents/advanced/ • http://www.rootshell.com/beta/documentation.html • http://seclab.cs.ucdavis.edu/papers.html • http://rhino9.ml.org/textware/

  4. Introduction

  5. Just who is vulnerable anyway? • Financial institutions and banks • Internet service providers • Pharmaceutical companies • Government and defense agencies • Contractors to various government agencies • Multinational corporations

  6. Profile of a typical 'system cracker' • Usually male, aged 16-25. • To improve their cracking skills, or to use network resources for their own purposes. • Most are opportunists • Run scanners for system vulnerabilities. • Usually gain root access; then install a backdoor and patch the host from common remote vulnerabilities.

  7. Networking methodologies adopted by many companies

  8. Internet’s purposes .. • The hosting of corporate webservers • E-mail and other global communications via the Internet • To give employees Internet access

  9. Network separation • Firewall • Application Proxies

  10. Understanding vulnerabilities in such networked systems

  11. Understanding vulnerabilities • The external mailserver must have access to mailservers on the corporate network. • Aggressive SNMP scanners and community-string brute-force programs can turn a router into a bridge.

  12. The attack

  13. Techniques used to 'cloak' the attacker's location • Bouncing through previously compromised hosts via telnet or rsh. • Bouncing through Windows hosts via Wingates. • Bouncing through hosts using misconfigured proxies.

  14. Network probing and information gathering • Using nslookup to perform 'ls <domain or network>' requests. • View the HTML on your webservers to identify any other hosts. • View the documents on your FTP servers. • Connect to your mailservers and perform 'expn <user>' requests. • Finger users on your external hosts.

  15. Identifying trusted network components • A trusted network component is usually an administrator's machine, or a server that is regarded as secure. • Start out by checking the NFS exports and access to the critical directories /usr/bin, /etc and /home. • Exploit a machine using a CGI vulnerability, gain access to /etc/hosts.allow

  16. Identifying vulnerable network components • Use Linux programs such as ADMhack, mscan, nmap and many smaller scanners. • Binaries such as 'ps' and 'netstat' are trojaned to hide scanning processes. • If routers are present that are SNMP capable, the more advanced crackers will adopt aggressive SNMP scanning techniques to try to 'brute force' the public and private community strings of such devices.

  17. Types of checks performed • A TCP portscan of a host. • A dump of RPC services via portmapper. • A listing of exports present via nfsd. • A listing of shares via samba / netbios. • Multiple finger requests to identify default accounts. • CGI vulnerability scanning. • Identification of vulnerable versions of server daemons, including Sendmail, IMAP, POP3, RPC status & RPC mountd.

  18. Taking advantage of vulnerable components • Identify vulnerable network components → compromise the hosts. • Upon executing such a program remotely to exploit a vulnerable server daemon • Gain root access to your host.

  19. Upon gaining access to vulnerable components • 'Clean-up' operation of doctoring your host's logs • 'Backdooring' service binaries. • Place an .rhosts file in /usr/bin to allow remote bin access to the host via rsh & csh

  20. Abusing access & privileges

  21. Downloading sensitive information • 'bridge' between the internet - corporate network. • Abusing the trust with the external host.

  22. Cracking other trusted hosts and networks • Install trojans & backdoors + remove logs. • Install sniffers on your hosts.

  23. Installing sniffers • Use 'ethernet sniffer' programs. • To 'sniff' data flowing across the internal network → a remote root compromise of an internal host. • To detect promiscuous network interfaces → the 'cpm' tool, http://www.cert.org/ftp/tools/cpm/

  24. Taking down networks • rm -rf / & • 'mission critical' routers & servers are always patched and secure.
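Slide 19 describes an .rhosts file placed in /usr/bin to give remote access to the bin account. An audit for that artifact, as an added example that is not part of the original slides: it walks a passwd file, reports any .rhosts in a system account's home directory, and flags wildcard '+' entries there and in /etc/hosts.equiv. The UID threshold, the function names and the sample filesystem are assumptions made for illustration.

```python
import os

SYSTEM_UID_MAX = 999  # assumption: UIDs below 1000 are system accounts


def has_wildcard(path):
    """True if a trust file has a bare '+' field (trust any host or any user)."""
    with open(path, errors="replace") as fh:
        return any("+" in ln.split("#")[0].split() for ln in fh)


def audit_rsh_trust(root="/"):
    """Return sorted (path, finding) tuples for rsh trust files under root."""
    under = lambda p: os.path.join(root, p.lstrip("/"))
    findings = []
    with open(under("/etc/passwd")) as fh:
        for line in fh:
            parts = line.strip().split(":")
            if len(parts) < 7 or not parts[2].isdigit():
                continue  # malformed or NIS-style entry
            user, uid, home = parts[0], int(parts[2]), parts[5]
            rhosts = os.path.join(home, ".rhosts")
            if uid <= SYSTEM_UID_MAX and os.path.isfile(under(rhosts)):
                findings.append((rhosts, f".rhosts in home of system account {user}"))
                if has_wildcard(under(rhosts)):
                    findings.append((rhosts, "wildcard '+' entry"))
    equiv = "/etc/hosts.equiv"
    if os.path.isfile(under(equiv)) and has_wildcard(under(equiv)):
        findings.append((equiv, "wildcard '+' entry"))
    return sorted(set(findings))


def build_sample_root(root):
    """Constructed sample filesystem: bin's home is /usr/bin and holds a .rhosts."""
    files = {
        "etc/passwd": "root:x:0:0:root:/root:/bin/sh\n"
                      "bin:x:2:2:bin:/usr/bin:/bin/sh\n"
                      "alice:x:1000:1000::/home/alice:/bin/sh\n",
        "usr/bin/.rhosts": "+ +\n",
        "home/alice/.rhosts": "trusted.example.org alice\n",
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    return root
```

Calling `audit_rsh_trust()` with no argument audits the live filesystem; passing the directory returned by `build_sample_root` runs it against the constructed sample.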
